HP-UX IPSec version A.02.01 Administrator's Guide
Using Certificates with HP-UX IPSec
Overview
Chapter 5 153
Overview
You must use security certificates if you are using digital signatures
(RSA signatures) for IKE authentication. HP-UX IPSec uses the
certificates to obtain cryptography keys for digital signatures and to
verify the digital signatures. If you are not using digital signatures for
IKE authentication, you can skip this chapter.
Security Certificates and Public Key Cryptography
Security certificates are used for public key cryptography, also
referred to as asymmetric key cryptography. Public key
cryptography uses a pair of related, but different keys. One key, the
private key, is associated with a specific system or entity and is kept
secret; the other key is the public key and can be distributed freely. The
public and private keys are mathematically related so that data
encrypted with the public key can only be decrypted with the private key.
Public Key Distribution
With asymmetric key cryptography, the public key can be freely
distributed over a non-secure communication channel.
However, there must be some assurance that a particular public key is
the actual public key of the entity with which you want to communicate.
This is usually done by distributing public keys in the form of
public-key certificates, commonly referred to as security
certificates.
Security Certificates
A security certificate associates (or binds) a public key with a particular
person, device, or other entity. The certificate is issued by an entity, in
whom users have put their trust, called a certificate authority (CA) that
guarantees or confirms the identity of the holder (person, device, or other
entity) of the corresponding private key. The CA digitally signs the
certificate with the CA’s private key, so the certificate can be verified
using the CA’s public key.
The format for security certificates (public-key certificates) is defined by
the International Organization for Standardization (ISO) X.509
standard, Version 3.